Nothing Special   »   [go: up one dir, main page]

TWI418197B - Encryption protection method - Google Patents

Encryption protection method Download PDF

Info

Publication number
TWI418197B
TWI418197B TW095142013A TW95142013A TWI418197B TW I418197 B TWI418197 B TW I418197B TW 095142013 A TW095142013 A TW 095142013A TW 95142013 A TW95142013 A TW 95142013A TW I418197 B TWI418197 B TW I418197B
Authority
TW
Taiwan
Prior art keywords
mask
key
encryption
round
masks
Prior art date
Application number
TW095142013A
Other languages
Chinese (zh)
Other versions
TW200742383A (en
Inventor
Dupaquis Vincent
Douguet Michel
Original Assignee
Inside Secure
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inside Secure filed Critical Inside Secure
Publication of TW200742383A publication Critical patent/TW200742383A/en
Application granted granted Critical
Publication of TWI418197B publication Critical patent/TWI418197B/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04KSECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K1/00Secret communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/04Masking or blinding
    • H04L2209/043Masking or blinding of tables, e.g. lookup, substitution or mapping
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08Randomization, e.g. dummy operations or using noise
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/24Key scheduling, i.e. generating round keys or sub-keys for block encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Description

加密保護方法 Encryption protection method

本發明是有關於一種保護密碼硬體引擎使其在運算期間不受鎖定密碼分析攻擊,以及特別有關於經由使用遮罩方法(錯誤或假性運算)而保護在加密演算法替代(S-箱)運算之輸入值(在鑰匙側),使在任何給定回合中不受側通道攻擊。The present invention relates to a protected cryptographic hardware engine that is protected from locked cryptanalysis attacks during operations, and is particularly useful in protecting encrypted algorithms by using masking methods (error or pseudo-operations) (S-box The input value of the operation (on the key side) so that it is not attacked by the side channel in any given round.

在Johnson等人之美國專利申請公開案第2004/0139340號中,討論此等問題,其藉由此包括使用假性碼以隱藏真實碼之嘗試,以使得加密演算法安全而防止例如統計與資料流分析之所謂「白箱攻擊」。Johnson等人提供一種替代解決方案,其包括資訊轉換、組合、或損失之廣泛分佈地點,以及產生更多功能與轉換,以改變此對攻擊者可見之處理活動。此等解決方案應用於所例示之實施中,其係針對保全此使用DES演算法或其變化方式之智慧卡(smart card)。These problems are discussed in U.S. Patent Application Publication No. 2004/0139340 to Johnson et al., which incorporates the use of a pseudo-code to hide the real code, so that the encryption algorithm is safe and prevents, for example, statistics and data. The so-called "white box attack" of flow analysis. Johnson et al. provide an alternative solution that includes a wide distribution of information conversions, combinations, or losses, as well as generating more functions and transformations to change the processing activity visible to the attacker. These solutions are applied to the illustrated implementation for securing a smart card that uses the DES algorithm or its variations.

在Chari等人之美國專利申請公開案第2003/0044003號中,揭示一種用於執行查表以抵抗側通道攻擊之方法與系統。此系統與方法使用表遮罩運算,其中,此遮罩表中之項目與原始表中之項目完全獨立無關。此表遮罩運算以下列之一或兩者實施:(1)表分解運算,用於大的表或具有大指數尺寸之表;或(2)表整合運算,將數個表整合成一個表。In US Patent Application Publication No. 2003/0044003 to Chari et al., a method and system for performing a look-up table against side channel attacks is disclosed. This system and method uses a table mask operation where the items in this mask table are completely independent of the items in the original table. This table mask operation is implemented by one or both of the following: (1) table decomposition operation for large tables or tables with large exponential sizes; or (2) table integration operations, integrating several tables into one table .

在Kaiserwerth等人之美國專利申請公開案第2003/0093684號中,討論加密演算法特別是對於功率分析攻擊之潛在弱點。在其上下文內容中,其提示此單一DES之小鑰匙尺寸(有效地56位元)對於防止鑰匙窮舉攻擊不再被認為安全,而須要進展至例如三個DES之變化形式(使用至少兩個且較佳三個獨立鑰匙以執行三次作為:加密-解密-加密)。此外,此DES中S-箱(box)對於S-箱輸入與輸出之差異分析潛在地脆弱,以致於可以從56個鑰匙位元獲得48個鑰匙位元。Kaiserwerth等人揭示數種措施以擊敗此種型式之攻擊,其包括使用遮罩運算與Hamming中性位元串。In US Patent Application Publication No. 2003/0093684 to Kaiserwerth et al., the potential weakness of encryption algorithms, particularly for power analysis attacks, is discussed. In its context, it suggests that the small key size (effectively 56 bits) of this single DES is no longer considered safe for preventing key exhaustive attacks, but needs to progress to, for example, three variants of DES (using at least two And preferably three independent keys are executed three times as: encryption-decryption-encryption. Furthermore, the S-box in this DES is potentially vulnerable to the analysis of the difference between the S-box input and output, so that 48 key bits can be obtained from 56 key bits. Kaiserwerth et al. disclose several measures to defeat this type of attack, including the use of mask operations and Hamming neutral bit strings.

在Kocher等人之美國專利案第6,278,783號中,揭示一種改良式DES執行方式,其中此S-箱表係以規律基礎遮掩(blind)且隨機變換,且鑰匙與訊息區塊兩者係被遮掩,藉由按位元以互斥或(XOR)運算,而產生與原來值有關之可變換之兩個部份之值。In U.S. Patent No. 6,278,783 to Kocher et al., an improved DES implementation is disclosed in which the S-box table is blinded and randomly transformed on a regular basis, and both the key and the message block are obscured. The value of the transformable two parts associated with the original value is generated by a mutually exclusive or (XOR) operation by bit.

通常,此種側通道攻擊涉及在執行目標加密演算法期間,外部地監視此密碼硬體之功率消耗或電磁發射,以及嘗試將此所監視到特徵之時間輪廓與此目標演算法者相關,以獲得關於此鑰匙可使用之資訊。例如,一個此種攻擊可以直接以此演算法之S-箱之輸入側演算法執行部份為目標,在此處資料與次鑰匙在一給定回合中係經XOR。一種保護此加密演算法以防止側通道攻擊之方法為使用隨機遮罩或遮掩方法,即與真實運算一起實施各種偽或假性運算。然而,此種隨機遮罩方法之問題為並無法控制在此增加之假性運算執行中所注入之熵(entropy),以致於仍然可以使用統計技術揭露運算。Typically, such side channel attacks involve externally monitoring the power consumption or electromagnetic emissions of the cryptographic hardware during execution of the target encryption algorithm, and attempting to correlate the time profile of the monitored feature with the target algorithm operator. Get information about the key that can be used. For example, one such attack can directly target the execution side of the S-box's input side algorithm, where the data and the secondary key are XORed in a given round. One way to protect this cryptographic algorithm to prevent side channel attacks is to use a random mask or masking method that performs various pseudo or sham operations together with the real operation. However, the problem with such a random masking method is that it does not control the entropy injected in the increased pseudo-operation execution, so that statistical techniques can still be used to expose the computation.

本發明有關一種用於容易作為目標攻擊之加密演算法之決定性遮掩方法,其尤其適用但並不僅受限於此等加密演算法,其使用替代(S-箱)運算或將資料與回合次鑰匙邏輯地組合,例如將在加密S-箱之輸入側按位元以XOR運算。本發明之決定性遮掩方法,當在執行一組偽或假性運算時會控制所注入之熵,以達成較純粹隨機遮掩或遮罩技術對於真實運算更大許多之保護。The present invention relates to a decisive masking method for an encryption algorithm that is easily targeted as a target attack, which is particularly applicable but not limited to such encryption algorithms, which use an alternative (S-box) operation or a data and round key. Logically combined, for example, the bit will be XORed on the input side of the encrypted S-box. The decisive masking method of the present invention controls the entropy injected when performing a set of pseudo or pseudo operations to achieve a much greater protection against real operations than purely random masking or masking techniques.

此方法通常以事先建構一個遮罩表開始,其包括:對應於真實鑰匙之一列及多數個保護列,其係被建立以遮掩在各種組合中此鑰匙之至少一些位元。當來自此表之列與一給定鑰匙邏輯地組合時,此方法可以獲得一組鑰匙,其中只有一個為真實,其餘所有均為假性鑰匙。(例如,按位元以XOR組合運算之情形中,此對應於真實鑰匙之表中之列為包括所有0位元之遮罩,而此保護列至少為有些位元為1之遮罩)。此加密演算法使用此等真實與假性鑰匙、以隨機順序在訊息區塊上多次執行,以產生相對應之真實與假性回合次鑰匙。將此由真實鑰匙應用至加密運算所獲得之結果儲存於記憶體中,而將由假性鑰匙所獲得之結果儲存於假性記憶體位置中。在對於各此等鑰匙執行過加密之後,可以由此記憶體存取真實結果。The method generally begins with the construction of a mask table in advance, which includes: corresponding to one of the real keys and a plurality of guard columns, which are established to mask at least some of the keys in the various combinations. When the columns from this table are logically combined with a given key, this method obtains a set of keys, of which only one is true and all others are false keys. (For example, in the case of a bitwise combination of XOR operations, this column corresponding to the real key is a mask that includes all 0 bits, and this guard column is at least a mask with some bits of 1.) This cryptographic algorithm is executed multiple times on the message block in random order using these real and false keys to produce the corresponding real and false round secondary keys. The result obtained by applying the real key to the encryption operation is stored in the memory, and the result obtained by the pseudo key is stored in the dummy memory location. After the encryption has been performed for each of these keys, the real result can be accessed by this memory.

以替代方式,在此等加密回合中,此遮罩表之此等列可以與此等次鑰匙邏輯地組合,以獲得用於各此等回合之真實次鑰匙、與一組假性次鑰匙。然後,根據此加碼回合應用此等次鑰匙以處理訊息區塊,而僅將真實結果傳送至下一回合。Alternatively, in such encryption rounds, such columns of the mask table can be logically combined with the secondary keys to obtain a real secondary key for each of the rounds, and a set of false secondary keys. Then, according to this plus code round, these secondary keys are applied to process the message block, and only the real result is transmitted to the next round.

對於此等使用S-箱運算之加密演算法,此等一些數目n個位元將進入此S-箱(其通常執行作為查詢表)之輸入側。對於此S-箱因此會有2n 個可能輸入值。在本發明之一例示之具體例中,建構此包括2n 個遮罩之遮罩表。此等遮罩之一包含所有0(對應於真實運算),以及所有其他遮罩包含一些為1之位元(對應於假性運算)。此等遮罩係按位元以XOR,其係與(a)一鑰匙產生一組鑰匙(一真實鑰匙及其餘假性鑰匙),以由此產生相對應之真實與假性次鑰匙;或與(b)各回合次鑰匙產生一組用於各此等回合之次鑰匙(再度,一用於此回合之真實次鑰匙,其餘為用於此回合之假性次鑰匙)。在此等加密回合中,各此等次鑰匙接著與此n位元組中之資料邏輯地組合,而進入此等S-箱。可以特別地選擇在此表中之假性遮罩,以致於此進入S-箱中之組合位元組會具有所有之2n 個可能輸入值,因此將此攻擊者所看到的熵完全去除,以致於無法由外部確定:此使用於此S-箱運算中之真實回合次鑰匙。For such encryption algorithms that use S-box operations, these number of n bits will enter the input side of this S-box (which is typically executed as a lookup table). There are therefore 2 n possible input values for this S-box. In a specific example of the invention, a mask table comprising 2 n masks is constructed. One of these masks contains all 0s (corresponding to the real operation), and all other masks contain some bits of 1 (corresponding to false operations). These masks are XOR by bit, which is used to generate a set of keys (a real key and other false keys) with (a) a key to thereby generate a corresponding real and false secondary key; or (b) Each round of key produces a set of secondary keys for each of these rounds (again, one for the actual secondary key for this round, and the rest for the false secondary key for this round). In these encryption rounds, each of these secondary keys is then logically combined with the data in the n-bytes to enter the S-box. The pseudo-masks in this table can be specifically chosen such that the combined byte entered into the S-box will have all 2 n possible input values, thus completely removing the entropy seen by this attacker. Therefore, it cannot be determined externally: this is used in the real round key in this S-box operation.

此根據本發明之決定性遮掩可以應用作為「整體」遮罩方法或「內部」遮罩方法。此基本觀念為將此遮罩表之各列應用至鑰匙或回合次鑰匙,以獲得真實與假性鑰匙或次鑰匙。在此整體遮罩方法中,將此具有遮罩表之此等列之遮罩應用至此加密演算法之所執行回合以外之所有加密鑰匙。這允許保持此加密演算法本身現有硬體或軟體之執行,而無須任何內部修正。此整體遮罩係產生一真實加密鑰匙與一組假性加密鑰匙。然後,將此等加密鑰匙以隨機順序連續地應用至此加密演算法之多個回路中之訊息區塊。因此,此整體遮罩方法之實施可以處理加密方法之64個運算之回路。在各回路中可以使用此表隨機存取、以隨機擷取未被使用過之指數i,以便從此遮罩表獲得遮罩「i」。此在具有第一順序遮罩「i」之加密鑰匙上按位元以XOR運算產生經遮罩鑰匙。然後,此遮罩鑰匙可以此加密演算法中之訊息區塊處理,其可以包括由此遮罩鑰匙產生此回合之次鑰匙。如果此指數i為IndexMaskZero,則此所遮罩鑰匙為真實鑰匙,且此將加密演算法回路應用至訊息區塊之結果為真實結果,其接著係儲存於記憶體中。如果此指數i與IndexMaskZero不同,則此所遮罩鑰匙為假性鑰匙,且此假性結果將儲存於記憶體中之假性位置中。一旦已經執行所有回路,則可以從此記憶體存取此真實結果。This deterministic masking according to the invention can be applied as a "whole" masking method or an "internal" masking method. The basic idea is to apply the columns of this mask to the key or round key to get the real and false keys or secondary keys. In this overall masking method, masks of such columns with masked tables are applied to all encryption keys except the rounds performed by this encryption algorithm. This allows the execution of the existing hardware or software of this encryption algorithm itself without any internal corrections. This integral mask produces a real encryption key and a set of fake encryption keys. These encryption keys are then continuously applied in random order to the message blocks in the multiple loops of the encryption algorithm. Therefore, the implementation of this overall masking method can handle the loop of 64 operations of the encryption method. In this loop, the table can be randomly accessed to randomly retrieve the unused index i to obtain the mask "i" from the mask table. This produces a masked key in XOR operation by bit in the encryption key having the first order mask "i". This mask key can then be processed by the message block in this encryption algorithm, which can include the secondary key by which the mask key is generated by this mask. If the index i is IndexMaskZero, then the masked key is the real key, and the result of applying the encrypted algorithm loop to the message block is a real result, which is then stored in the memory. If this index i is different from IndexMaskZero, then the masked key is a fake key and this false result will be stored in the pseudo position in the memory. Once all loops have been executed, this real result can be accessed from this memory.

一種替代方法為「內部」遮罩方法。此技術修正此加密演算法之內部,而將遮罩內部應用至此等回合次鑰匙。在各此等加密回合中,在此遮罩表中所有遮罩以隨機順序連續地應用至此回合次鑰匙,以獲得用於此回合至真實回合次鑰匙與各種假性次鑰匙。使用此等遮罩次鑰匙,以處理此加密演算法之一回合之多個回路。特別是,執行此內部遮罩方法可以處理用於各加密回合之64個運算之回路,而具有從在此回合中尚未已經使用之指數值中隨機選擇一指數i,以便從此遮罩表獲得遮罩「i」,且將其應用至此回合次鑰匙。在以此遮罩此次鑰匙處理此回合之回路後,如果此指數為IndexMaskZero而對應於真實次鑰匙,則將此回合之正確結果儲存於記憶體中。如果此指數與IndexMaskZero不同,則其意味著此回合之回路已經以此假性次鑰匙處理,而將此不正確結果儲存於此記憶體之假性位置中。此正確結果會使用於下一個回合中,而此假性結果會被覆寫(overwritten)。An alternative is the "internal" masking method. This technique modifies the interior of this encryption algorithm and applies the mask inside to these round secondary keys. In each of these encrypted rounds, all masks in this masked table are continuously applied to this round of secondary keys in a random order to obtain the rounds for this round to the real round and various false secondary keys. Use these masked secondary keys to handle multiple loops in one round of this encryption algorithm. In particular, the execution of this internal masking method can process the loop of 64 operations for each encryption round, with an exponent i randomly selected from the index values that have not been used in this round to obtain the mask from the mask table. Cover "i" and apply it to this round of secondary keys. After this loop is used to mask the loop, if the index is IndexMaskZero and corresponds to the real secondary key, the correct result of this round is stored in the memory. If this index is different from IndexMaskZero, it means that the loop of this round has been processed with this false key, and this incorrect result is stored in the pseudo position of this memory. This correct result will be used in the next round, and this false result will be overwritten.

本發明之決定遮掩方法可以應用至容易受到側通道攻擊之硬體密碼引擎中所執行之各種加密演算法,以及尤其是具有鑰匙混合與S-箱運算而使用鑰匙排程之任何此等對稱區塊加密。為了說明目的,以下之描述將參考「資料加密演算法」,其原來為在1977年1月15日由聯邦資訊處理標準(Federal Information Processing Standards,FIPS)出版刊物46-3,由美國國家標準局(現在為國家標準與技術學院)所提出「資料加密標準」(DES)之核心,此標準在1999年10月25日重新確定(現在已撤回),且其以數種變化體而保持廣泛使用。最值得注意的,一種已知為三個DES(3DES)之變化體,且亦被知為三個資料加密演算法(TDEA),其涉及將此資料加密演算法以獨立鑰匙連續應用三次,如同於NIST Special Publication800-67(2004年5月)中所描述者。一種較為節省計算之替代變化體為DES-X,其使用一種已知為鑰匙白化之技術,藉由在此核心DES回合之前與後,將此額外64-位元鑰匙材料實施XOR,以增加鑰匙有效大小(即,DES-XK K 1 K 2 (M)=DESK (K1 ⊕ M)⊕ K2)。此等與其他DES變化體為方法,其由於其小的有效鑰匙大小,以減少DES對於窮舉鑰匙搜尋之弱點。還有其他變化體,其修正此S-箱表、鑰匙排程、或其他核心功能,以便較佳地抵抗線性密碼分析,或抵抗此DES並未特定被設計之其他潛在弱點。DES與其變化體通常使用作為智慧卡中之加密引擎,其因為容易存取,而對於側通道攻擊特別脆弱。本發明之決定遮掩方法實質上減少其在智慧卡與其他密碼硬體中之此種弱點。The decision masking method of the present invention can be applied to various cryptographic algorithms executed in a hardware cryptographic engine susceptible to side channel attacks, and in particular any symmetry region using key scheduling with key mixing and S-box operations. Block encryption. For illustrative purposes, the following description will refer to the "Data Encryption Algorithm", which was originally published on January 15, 1977 by the Federal Information Processing Standards (FIPS) publication 46-3, by the US National Bureau of Standards. (now the National Institute of Standards and Technology) at the heart of the Data Encryption Standard (DES), which was redefined on October 25, 1999 (now withdrawn) and is widely used in several variants. . Most notably, one variant known as three DES (3DES) is also known as the Three Data Encryption Algorithm (TDEA), which involves applying this data encryption algorithm three times in succession with a separate key, as As described in NIST Special Publication 800-67 (May 2004). A more computationally replaceable variant is DES-X, which uses a technique known as key whitening, by XORing this extra 64-bit key material before and after the core DES round to add keys Effective size (ie, DES-X K , K 1 , K 2 (M) = DES K (K1 ⊕ M) ⊕ K2). These and other DES variants are methods that reduce the weakness of DES for exhaustive key searches due to their small effective key size. There are other variants that modify the S-box table, key schedule, or other core functions to better resist linear cryptanalysis, or to resist other potential weaknesses that are not specifically designed for this DES. DES and its variants are commonly used as encryption engines in smart cards, which are particularly vulnerable to side channel attacks because of their ease of access. The decision masking method of the present invention substantially reduces this weakness in smart cards and other cryptographic hardware.

此DES在此等區塊之最初與最後置換之間、以16個相等回合在64位元訊息區塊上運算。設定此等運算模式而將DES應用至長於單一區塊之訊息。此DES使用64-位元鑰匙(KEY),其中8個位元專用於奇偶檢驗,因此有效之鑰匙長度為56位元。一鑰匙排程函數KS使用此KEY以產生16個次鑰匙K1至K16,而一個次鑰匙用於各回合。為了解密而產生此等次鑰匙,且以相反順序應用。此鑰匙排程KS之完整定義涉及:PC-1與PC-2之一對替換選擇(典型地作為表而實施),以及兩個28-位元區塊之所選擇鑰匙位元之一系列位元輪換,如同在FIPS出版刊物46-3中所說明者。然而,此等運算之最後效應為,各此等次鑰匙K1至K16可以被認為KEY之各別函數,而表示為列表以設定此由KEY所獲得48個位元之特定置換選擇。將各此等56個KEY位元,使用於16個次鑰匙中大約14個次鑰匙中之不同位置中。作為一例,此由DES鑰匙排程函數KS所界定之次鑰匙K1為: This DES operates on the 64-bit message block with 16 equal rounds between the first and last permutations of these blocks. Set these modes of operation to apply DES to messages that are longer than a single block. This DES uses a 64-bit key (KEY), of which 8 bits are dedicated to parity, so the effective key length is 56 bits. A key scheduling function KS uses this KEY to generate 16 secondary keys K1 to K16, and a secondary key is used for each round. These secondary keys are generated for decryption and are applied in reverse order. The complete definition of this key schedule KS involves: one of the PC-1 and PC-2 alternatives (typically implemented as a table), and one of the selected key bits of the two 28-bit blocks. Yuan rotation, as explained in FIPS Publication 46-3. However, the final effect of such operations is that each of the secondary keys K1 through K16 can be considered a separate function of KEY and represented as a list to set a particular permutation selection for the 48 bits obtained by the KEY. Each of these 56 KEY bits is used in a different one of about 14 of the 16 secondary keys. As an example, the secondary key K1 defined by the DES key scheduling function KS is:

而此等數字代表由此KEY與次鑰匙所選擇位元,而被組織成各6位元之8個組。These numbers represent the bits selected by the KEY and the secondary key, and are organized into 8 groups of 6 bits each.

此16個DES回合具有Feistel結構,其中將64-位元訊息區塊分割成兩個(「左」與「右」)半區塊,且以連續回合以交叉設計(對於回合i=1至16,Li =Ri 1 且Ri =Li 1 ⊕ f(Ri 1 ,Ki ))交替處理。此解密設計為類似。如同在圖1中可以看出,此用於DES回合之加密函數f(R,K)涉及將以下組合:(1)擴展函數E,其採用32-位元之半-區塊Ri 1 ,且產生48-位元輸出;(2)鑰匙-混合功能,其係按位元以XOR運算⊕,將此48-位元擴展輸出與此用於此回合之48-位元次鑰匙Ki 組合;(3)非線性替代轉換,採用此48-位元鑰匙混合輸出,將其分割成8個6-位元之件,且應用此等件作為輸入,以各別定址此8個選擇表或S-箱S1 至S8 ,以獲得一組8個4-位元輸出;以及(4)置換函數P,將來自此等S-箱之32個輸出位元重新配置。The 16 DES rounds have a Feistel structure in which a 64-bit message block is divided into two ("left" and "right") half blocks, and is designed in a continuous round (for rounds i = 1 to 16). , L i = R i - 1 and R i = L i - 1 ⊕ f (R i - 1 , K i )) are alternately processed. This decryption is designed to be similar. As can be seen in Figure 1, this cryptographic function f(R, K) for DES rounds involves the following combinations: (1) Extension function E, which uses a 32-bit half-block R i - 1 And generating a 48-bit output; (2) a key-mixing function, which is an XOR operation by bit, and this 48-bit extended output is used for the 48-bit secondary key K i used for this round. (3) Non-linear alternative conversion, using this 48-bit key mixed output, split it into 8 6-bit pieces, and apply these pieces as input to individually address the 8 selection tables Or S-boxes S 1 through S 8 to obtain a set of 8 4-bit outputs; and (4) permutation function P to reconfigure the 32 output bits from the S-boxes.

各DES S-箱S1 至S8 為將6-位元輸入與4-位元輸出相關聯之函數,如同在FIPS出版刊物46-3中所說明。此6-位元之此等組進入各S-箱,且選擇此64個4-位元項目之一。本發明之方法確保此來自各S-箱之所有64個可能性均被存取。為達此目的,建構此包含64個遮罩之遮罩表。在此表中之各遮罩可以為8位元組寬,其中48個位元使用於遮罩運算,以及其餘16個位元(例如,來自各位元組之兩個位元)可以為:(a)8個奇偶檢驗位元(或其他錯誤檢查位元),其可以藉由應用此DES鑰匙之奇偶檢驗法則而算出,以及(b)可以隨機選出之額外位元、或藉由以與48位元相同機構將其推導而算出,但除了用於一或更多其他回合中之此等S-箱之外。此使用於遮罩之48個位元形成一組8個6-位元之值,其範圍為0至63。在此組中各此等8個6-位元之值對應於8個S-箱S1 至S8 之不同之一個。(請注意:為了對假性遮罩隱藏此真實遮罩之身份,且亦隱藏此所使用之假性值,此等形成此8個值之遮罩位元,並無須從此遮罩以連續或以上升順序擷取。例如,可以使用此等鑰匙排程之一,例如用於回合一者,以從各遮罩獲得此等值。因此,可以使用位元10、51、34、60、49、以及17,以獲得對應於S-箱S1 之此等遮罩值。)Each DES S-box S 1 through S 8 is a function that associates a 6-bit input with a 4-bit output, as illustrated in FIPS Publication 46-3. These 6-bit groups enter each S-box and one of the 64 4-bit items is selected. The method of the present invention ensures that all 64 possibilities from each S-box are accessed. To achieve this, construct a mask table containing 64 masks. The masks in this table can be octet wide, with 48 bits used for mask operations, and the remaining 16 bits (eg, two bits from each tuple) can be: ( a) 8 parity bits (or other error checking bits), which can be calculated by applying the parity rule of the DES key, and (b) extra bits that can be randomly selected, or by using 48 The same mechanism is derived from the same location, but is used in addition to these S-boxes in one or more other rounds. This 48 bits used in the mask form a set of 8 6-bit values ranging from 0 to 63. In this group of each of these eight 6- bit value corresponds to one of eight different S- boxes S 1 to S 8 of. (Please note: in order to hide the identity of this real mask for false masks, and also to hide the false values used, these masking bits that form these 8 values do not need to be continuous or In the ascending order, for example, one of these key schedules can be used, for example for a round, to obtain this value from each mask. Thus, bits 10, 51, 34, 60, 49 can be used. , and 17, to obtain S 1 corresponding to the case of such S- mask value.)

以下為最簡單之遮罩表,而行S1至S8顯示此分配給用於各遮罩S-箱之所擷取6-位元值之十進位等同值: The following is the simplest mask table, and rows S1 through S8 show the decimal equivalents assigned to the 6-bit values for each mask S-box:

故在此處此表之各列包含8個相等值。然而,如果在任何給定行(對應於特定S-箱),此從0至63所有可能值出現一次且僅出現一次,則可以建構其他遮罩表。此在各行中之值可以為隨機順序。典型地,此等遮罩之一例如為遮罩[0]包含所有0值,且被指定為「真實」遮罩。Therefore, the columns of this table here contain 8 equal values. However, if any of the possible values from 0 to 63 occur once and only once in any given row (corresponding to a particular S-box), then other mask tables can be constructed. The values in each row can be in a random order. Typically, one of these masks, for example, mask [0] contains all zero values and is designated as a "real" mask.

在使用此整體遮罩方法之加密運算期間,在啟動此未經修正加密演算法之前,將此來自重新建構遮罩表之所有遮罩應用至所有加密鑰匙。此加密演算法之整體而言,可以使用不同遮罩鑰匙用於整個加密之各回路,因此可以回路多次。此等遮罩鑰匙之一為真實鑰匙,其產生真實回合次鑰匙作為此加密演算法之一部份,而所有其他遮罩鑰匙為假性鑰匙,其產生假性次鑰匙且獲得假性結果。將此等0值分派給單一遮罩,其在當使用遮罩時,允許取得真實結果。During the encryption operation using this overall masking method, all masks from the reconstructed mask table are applied to all encryption keys before starting this uncorrected encryption algorithm. As a whole of this encryption algorithm, different mask keys can be used for each loop of the entire encryption, so it can be looped multiple times. One of these mask keys is a real key that produces a real round key as part of this encryption algorithm, while all other mask keys are false keys that produce false secondary keys and obtain false results. Assigning these zero values to a single mask allows for real results when using a mask.

在使用此內部遮罩方法加密運算期間,將此來自預先建構遮罩表之所有遮罩,在每一個回合中應用至所有S-箱之輸入。在圖2中顯示一說明例,在此第一加密回合期間將此64個遮罩之一代表,例如遮罩「15」,應用至第一S-箱S1 。這說明當執行內部遮罩時,對於此加密演算法內部所作之修正。此將該遮罩應用至其他S-箱S2 至S8 為類似,如同在其他遮罩之應用中,且亦在隨後之回合中。在使用內部遮罩之各回合中,此過程回路64次,以便將所有遮罩、包括真實遮罩應用至次鑰匙與資料。可以任何順序、例如隨機順序應用此遮罩,此順序對於各回合可以不同,假設各遮罩在任何回合中僅確實使用一次、以及假設此真實遮罩對於加密引擎為已知。這即是,可以使用遮罩表之隨機存取。可以將真實遮罩之身份儲存於暫存器中,而在當此過程經由此組遮罩回路時與一指數比較。此由8個S-箱所輸出之真實結果被保持在暫存器或記憶體中,一直至所有64個遮罩已被應用為止,以及然後將此真實結果傳送至此加密演算法之下一個步驟。此DES置換函數P、可以與此來自S-箱輸出之真實結果之儲存一起實施。如果想要的話,亦可以將錯誤結果保留在假性記憶體位置,且亦可以置換,但無須傳送至此加密中之下一回合。During the encryption operation using this internal mask method, all masks from the pre-constructed mask table are applied to all S-box inputs in each round. A display described embodiment, during this first round this encryption mask 64 represents one example the mask "15", applied to the first tank S- S 1 in FIG. This illustrates the corrections made internally to this encryption algorithm when the internal mask is executed. This applies the mask to other S-boxes S 2 to S 8 as similarly as in other mask applications, and also in subsequent rounds. In each turn using the internal mask, this process loops 64 times to apply all masks, including real masks, to the secondary key and data. This mask can be applied in any order, such as a random order, which can be different for each round, assuming that each mask is only used once in any round, and that this real mask is known to the encryption engine. That is, random access to the mask table can be used. The identity of the real mask can be stored in the scratchpad and compared to an index as the process passes through the set of mask loops. The actual result output by the eight S-boxes is held in the scratchpad or memory until all 64 masks have been applied, and then the actual result is passed to the next step of the encryption algorithm. . This DES permutation function P can be implemented in conjunction with this storage of the actual results from the S-box output. If desired, the error results can also be left in the dummy memory location and can be replaced, but not transmitted to the next round of the encryption.

此至8個S-箱之輸入包括:(1)由DES擴展函數E所獲得擴張資料區塊DATA;(2)用於特定回合之DES次鑰匙,在此處為次鑰匙K1;以及(3)被使用之特定遮罩,在此處為遮罩「15」。通常對於DES而言,此來自擴張資料區塊DATA之此等位元被連續地分配給8個S-箱,而以位元1-6用於S1 、位元7-12用於S2 等。此等用於次鑰匙K1之位元亦同樣連續地分配給8個S-箱,而以K1之位元1-6用於S1 、K1之位元7-12用於S2 等。其所不同者為:應記得此次鑰匙K1本身,如同此等用於隨後回合之其他次鑰匙,是由來自主鑰匙KEY之此等位元選擇與重新配置而成。此等來自遮罩「15」特定位元,亦如同與此表中其他遮罩一般被選擇與排序,以擷取應用於各S-箱之此等值,如同以上已經說明者。因此,對於第一S-箱S1 ,可以從遮罩「15」擷取第10、第51、第34、第60、第49、以及第17個位元,以獲得此值,而遮罩「15」S1 使用於S1 。此值在此說明為101010(或十進位42)。The inputs to the eight S-boxes include: (1) the extended data block DATA obtained by the DES extension function E; (2) the DES key for the specific round, here the secondary key K1; and (3) ) The specific mask that is used, here is the mask "15". Typically for DES, this bit from the expanded data block DATA is continuously allocated to 8 S-boxes, with bits 1-6 for S 1 and bits 7-12 for S 2 Wait. Such a secondary key K1 for the bit assigned to continuously equally S- box 8, and to the K1 bits 1-6 to S 1, K1 bits 7-12 for the S 2 and the like. The difference is: remember that the key K1 itself, like these other secondary keys for the subsequent round, is selected and reconfigured by the bits from the master key KEY. These are from the specific bits of the mask "15" and are also selected and ordered as with other masks in this table to capture the values applied to each S-box, as already explained above. Therefore, for the first S-box S 1 , the 10th, 51st, 34th, 60th, 49th, and 17th bits can be extracted from the mask "15" to obtain the value, and the mask "15" S 1 is used for S 1 . This value is described here as 101010 (or decimal 42).

各此等位元組(遮罩、次鑰匙、資料)使用按位元以XOR運算而與其他者組合,此XOR運算在圖2中以⊕作為符號。將在此所顯示之遮罩首先應用至此次鑰匙,以及然後將此所產生經遮罩鑰匙應用至此資料。然而,由於此按位元以XOR運算可以符合交換(commutative)與結合(associative)法則,可以將其在實際上以任何順序應用至此三個組(遮罩、次鑰匙、以及資料),且仍然可以獲得相同之S-箱輸入。的確,改變此應用於不同S-箱、遮罩、以及回合之順序確實有益,以使得此等運算對於任何外部觀察者更為模糊。Each of these bytes (mask, secondary key, data) is combined with the others by XOR operation using a bitwise element. This XOR operation is denoted by ⊕ in FIG. The mask shown here is first applied to the key, and then the resulting masked key is applied to this material. However, since this bitwise element can conform to the commutative and associative rules in XOR operations, it can be applied to these three groups (masks, secondary keys, and data) in virtually any order, and still The same S-box input can be obtained. Indeed, it is beneficial to change the order in which this applies to different S-boxes, masks, and rounds so that such operations are more ambiguous to any external observer.

如同以上說明,可以將本發明之遮罩過程應用至DES與其變化體以外之加密。例如Rijndael,其被採用作為進階加密標準(AES)且於NIST FIPS出版刊物197中,而使用具有8-位元輸入與輸出之S-箱。可以建構具有256(=28 )個不同遮罩之遮罩表,且應用作為該加密之AddRoundKey()轉換之一部份。許多其他加密演算法使用S-箱或類似替代表,且在此等S-箱之輸入側上提供鑰匙混合運算。此決定性遮罩,如同在此對於DES說明,可以應用至此等加密。As explained above, the masking process of the present invention can be applied to encryption other than DES and its variants. For example, Rijndael, which is adopted as the Advanced Encryption Standard (AES) and in the NIST FIPS Publication 197, uses an S-box with 8-bit input and output. A mask table with 256 (= 2 8 ) different masks can be constructed and applied as part of the encrypted AddRoundKey() conversion. Many other encryption algorithms use S-boxes or similar surrogate tables and provide key mixing operations on the input side of such S-boxes. This decisive mask, as explained here for DES, can be applied to such encryption.

參考圖3,其中可以看到用於執行本發明整體遮罩之例示硬體。記憶體31為用於資料讀取/寫入之儲存體,此資料包括經遮罩鑰匙。一亂數產生器32產生由其他單元所使用之亂數,其包括用於存取此遮罩表之列之隨機指數i。其可以使用在此技術中已知之任何適當之產生器。一遮罩表產生單元33產生此遮罩表之項目,且將其寫入於記憶體31中。此運算序列器34發出指令至其他單元,而將其動作排序。在此DES演算法之各回路期間,一鑰匙遮罩單元36從記憶體31讀取此(「真實」)加密鑰匙,以來自此儲存於記憶體31遮罩表之一項目將其遮罩,以及將此經遮罩鑰匙寫入記憶體31中。此DES計算單元37從記憶體31讀取:此經遮罩鑰匙與輸入資料(此一般內容或加密內容訊息區塊),使用此經遮罩鑰匙以執行DES加密演算法,其包括由此經遮罩鑰匙以產生任何次鑰匙,且將此結果作為輸出資料而寫回至記憶體31中。此使用於儲存此結果之記憶體位置將取決於:此經遮罩鑰匙是否為真實鑰匙或假性鑰匙。Referring to Figure 3, an exemplary hardware for performing the integral mask of the present invention can be seen therein. The memory 31 is a storage for reading/writing data, and the material includes a masked key. A random number generator 32 produces a random number used by other units, including a random index i for accessing the columns of the mask table. It can use any suitable generator known in the art. A mask table generating unit 33 generates an item of the mask table and writes it in the memory 31. This arithmetic sequencer 34 issues instructions to other units and orders their actions. During each loop of the DES algorithm, a key mask unit 36 reads the ("real") encryption key from the memory 31 to mask it from an item stored in the memory 31 mask table. And writing the masked key into the memory 31. The DES calculation unit 37 reads from the memory 31: the masked key and the input material (this general content or encrypted content message block), using the masked key to perform a DES encryption algorithm, which includes The key is masked to generate any secondary keys, and the result is written back to the memory 31 as output data. The location of the memory used to store this result will depend on whether the masked key is a real key or a fake key.

參考圖4,其中可以看到用於執行本發明內部遮罩之例示硬體。如同整體遮罩硬體之執行,此內部遮罩執行亦包括:一記憶體41、一亂數產生器42、以及一遮罩表產生單元43,所有此等基本功能與在整體遮罩硬體中相對應單元31-33者相同。此運算序列器44同樣亦發出指令至其他單元,而將其動作排序,但是此內部遮罩序列與整體遮罩序列不同。此硬體之執行更包括:一DES最初計算單元45;一回合次鑰匙遮罩單元46;一DES回合計算單元47;以及一DES最後計算單元48。此DES最初計算單元45實施DES回合前計算。特別是,其由記憶體41讀取輸入資料(以處理一般內容或加密內容訊息區塊),在第一回合之前執行DES之最初處理步驟(包括來自DES-X之鑰匙白化或類似變化),以及將此步驟結果寫回至記憶體41中。此外,單元45從記憶體41讀取此真實加密鑰匙,根據此所界定之DES鑰匙產生常式(routine)而產生一組回合次鑰匙,且將此等回合次鑰匙儲存回至記憶體41中。以替代方式,此等次鑰匙之產生可以「一回合-一回合」之基礎由DES回合計算單元47實施。在以上兩種情形之任一中,此等回合次鑰匙可以由回合次鑰匙遮罩單元46遮罩,其由記憶體41讀取相對應次鑰匙,而在此回合之各回路中,以此來自記憶體41之遮罩表之一項目將其遮罩,以及將此經遮罩次鑰匙寫入於記憶體41中。DES回合計算單元47從記憶體41讀取:用於此DES回合之所給定回路之經遮罩次鑰匙、以及用於該回合之輸入資料,實施回合計算且將此結果寫回至記憶體41中。此用於儲存此回合該回路結果之記憶體位置,取決於此所遮罩次鑰匙是否為用於該回合之真實次鑰匙或假性次鑰匙。各DES回合回路多次一直至此回合次鑰匙之所有遮罩均被使用過為止。此資料來自將此真實次鑰匙應用至在下一個回合中由記憶體41存取所輸入之資料。DES最後計算單元48從記憶體41讀取此最後回合之結果,實施DES回合後計算,且將此結果(此完全處理之訊息區塊)寫回至記憶體41中。Referring to Figure 4, an exemplary hardware for performing the internal mask of the present invention can be seen therein. As with the implementation of the overall mask hardware, the internal mask execution also includes a memory 41, a random number generator 42, and a mask table generating unit 43, all of these basic functions and hardware in the overall mask. The corresponding units 31-33 are the same. The arithmetic sequencer 44 also issues instructions to other units and orders their actions, but this internal mask sequence is different from the overall mask sequence. The execution of the hardware further includes: a DES initial calculation unit 45; a round secondary key mask unit 46; a DES round calculation unit 47; and a DES final calculation unit 48. This DES initial calculation unit 45 performs a pre-DES round calculation. In particular, it reads the input data from memory 41 (to process general content or encrypted content message blocks), and performs the initial processing steps of DES (including key whitening or similar changes from DES-X) before the first round, And writing the result of this step back to the memory 41. In addition, the unit 45 reads the real encryption key from the memory 41, generates a set of round secondary keys according to the defined DES key generation routine, and stores the round secondary keys back into the memory 41. . Alternatively, the generation of such secondary keys may be performed by the DES round calculation unit 47 on a "one round - one round" basis. In either of the above two cases, the secondary key can be masked by the secondary secondary key mask unit 46, which reads the corresponding secondary key from the memory 41, and in each loop of the round, An item from the mask table of the memory 41 masks it and writes the masked secondary key into the memory 41. The DES round calculation unit 47 reads from the memory 41: the masked secondary key for the given loop of the DES round, and the input data for the round, performs the round calculation and writes the result back to the memory 41. This is used to store the memory location of the loop result for this round, depending on whether the masked secondary key is the real secondary key or false secondary key for the round. Each DES round circuit is repeated multiple times until all the masks of the secondary key have been used. This information comes from applying this real secondary key to the data entered by the memory 41 in the next round. The DES final calculation unit 48 reads the result of this last round from the memory 41, performs the DES round calculation, and writes the result (this fully processed message block) back to the memory 41.

在此等例中所顯示之處理單元、除了遮罩單元36與46之外,均為已知用於執行DES或其他加密演算法之傳統元件。記憶體31與41具有位置,其可以分配用於儲存此遮罩表之項目;儲存此真實與假性鑰匙與次鑰匙;以及儲存真實與假性資料處理結果。此等遮罩單元36與46使用此遮罩表項目,在鑰匙或回合次鑰匙上實施按位元之XOR、或其他邏輯組合、或算數運算,以產生真實與假性鑰匙或次鑰匙。The processing units shown in these examples, with the exception of mask units 36 and 46, are conventional elements known for performing DES or other encryption algorithms. The memories 31 and 41 have locations that can be assigned items for storing the mask table; store the real and false keys and secondary keys; and store real and false data processing results. These masking units 36 and 46 use this masking table item to perform a bitwise XOR, or other logical combination, or arithmetic operation on the key or round secondary key to produce a real and false key or secondary key.

可以容易地建構對以上說明例之變化例,且適合用於不同之密碼應用。例如,以一適當快速處理器,且小心指定此等用於回合資料結果之真實與假性位址,則此根據本發明之整體與內部遮罩方法可以與、此由整體技術所產生之真實與假性鑰匙組合使用,此等鑰匙被當作加密鑰匙,而將內部遮罩應用於相對應之回合鑰匙組。Variations to the above illustrative examples can be readily constructed and are suitable for use with different cryptographic applications. For example, with a suitable fast processor and careful designation of such real and false addresses for the rounded data results, then the overall and internal masking methods according to the present invention can be derived from the overall technology. Used in combination with a false key, these keys are used as encryption keys, and internal masks are applied to the corresponding round key set.

31...記憶體31. . . Memory

32...亂數產生器32. . . Random generator

33...遮罩表產生單元33. . . Mask table generation unit

34...運算序列器34. . . Operational sequencer

36...鑰匙遮罩單元36. . . Key mask unit

37...DES計算單元37. . . DES calculation unit

41...記憶體41. . . Memory

42...亂數產生器42. . . Random generator

43...遮罩表產生單元43. . . Mask table generation unit

44...運算序列器44. . . Operational sequencer

45...DES最初計算單元45. . . DES initial calculation unit

46...回合次鑰匙遮罩單元46. . . Round secondary key mask unit

47...DES回合計算單元47. . . DES round calculation unit

48...DES最後計算單元48. . . DES final calculation unit

圖1為根據習知技術DES標準以說明DES加密功能之概略方塊圖;圖2為說明根據本發明例示之具體例所修正之DES加密功能之概略方塊圖;以及圖3及4為所例示之加密引擎之硬體概略方塊圖,其用以實施此根據本發明方法之各個整體遮罩與內部遮罩。1 is a schematic block diagram illustrating a DES encryption function according to a conventional DES standard; FIG. 2 is a schematic block diagram illustrating a DES encryption function modified according to a specific example of the present invention; and FIGS. 3 and 4 are exemplified A hardware schematic block diagram of an encryption engine for implementing the various integral and internal masks of the method in accordance with the present invention.

Claims (9)

一種加密保護方法,其包括:建構一具有複數個遮罩之遮罩表,其包括一真實遮罩與複數個假性遮罩,當將其應用至任何回合之任何次鑰匙時,可以有效地遮掩該次鑰匙之至少一些位元;在一加密之各回合期間,將該遮罩表之所有遮罩應用至一次鑰匙與一資料區塊,作為用於該回合之鑰匙混合運算之一部份,以便遮罩該鑰匙混合運算,當將該真實遮罩應用於次鑰匙與資料區塊時,可以獲得與在該鑰匙混合運算中僅應用該次鑰匙與該資料區塊相同的結果,且當在該鑰匙混合運算中應用所有該複數個遮罩時,可以獲得用於此加密之S-箱輸入值之每一個可能組合;將此經遮罩之鑰匙混合運算結果應用至一替代表之輸入或該加密之S-箱;以及使用此應用該真實遮罩之結果,繼續此加密之下一個步驟,直至完成所有回合。An encryption protection method includes: constructing a mask table having a plurality of masks, including a real mask and a plurality of false masks, which can be effectively applied to any secondary keys of any round Masking at least some of the bits of the secondary key; applying all masks of the mask to one key and one data block during each round of encryption as part of a key mixing operation for the round In order to mask the key mixing operation, when the real mask is applied to the secondary key and the data block, the same result as applying the secondary key to the data block in the key mixing operation can be obtained, and when When all of the plurality of masks are applied in the key mixing operation, each possible combination of the S-box input values for the encryption can be obtained; applying the masked key mixing result to an input of the substitution table Or the encrypted S-box; and the result of using the real mask of this application, continue the next step of this encryption until all rounds are completed. 如申請專利範圍第1項之加密保護方法,其中,將在任何加密回合中之該等遮罩、次鑰匙、以及資料區塊分割成複數個n-位元區塊,而各別分配給特定S-箱輸入,該遮罩表包含2n 個遮罩,而各此等2n 個可能n-位元值,在用於該等遮罩之各別分配區塊中發生一次且僅發生一次。The encryption protection method of claim 1, wherein the mask, the secondary key, and the data block are divided into a plurality of n-bit blocks in any encryption round, and each is assigned to a specific one. S-box input, the mask table contains 2 n masks, and each of these 2 n possible n-bit values occurs once and only once in the respective allocation blocks for the masks . 如申請專利範圍第2項之加密保護方法,其中,此分配給特定S-箱輸入之該n-位元值係藉由該遮罩之該等位元之預定選擇與順序,而從一所給定遮罩擷取。The encryption protection method of claim 2, wherein the n-bit value assigned to the specific S-box input is determined by the predetermined selection and order of the pixels of the mask. Given a mask capture. 如申請專利範圍第2項之加密保護方法,其中,在任何加密回合中該各別分配之遮罩區塊、次鑰匙、以及資料區塊形成S-箱輸入,而與該加密之S-箱表不同。The encryption protection method of claim 2, wherein the separately allocated mask block, secondary key, and data block form an S-box input in any encryption round, and the encrypted S-box The table is different. 如申請專利範圍第1項之加密保護方法,其中,將該遮罩表應用至該次鑰匙與該資料區塊、作為該鑰匙混合運算之一部份,其係涉及按位元之XOR運算,該真實遮罩包括一組0值。The encryption protection method of claim 1, wherein the mask table is applied to the secondary key and the data block as part of the key mixing operation, which involves an XOR operation by bit, The real mask includes a set of zero values. 如申請專利範圍第1項之加密保護方法,其中,在該遮罩表中之各遮罩係每回合在該鑰匙混合運算中以隨機順序存取與應用一次且僅一次,該真實遮罩係可辨識該加密。The encryption protection method of claim 1, wherein each mask in the mask table is accessed and applied once and only once in a random order in the key mixing operation, the real mask system. This encryption can be recognized. 如申請專利範圍第1項之加密保護方法,其中,該加密係為一DES變化體,其使用在已明訂之DES標準中所說明之核心演算法。The cryptographic protection method of claim 1, wherein the encryption is a DES variant using a core algorithm as described in the DES standard already specified. 如申請專利範圍第1項之加密保護方法,其中,各假性遮罩具有一組相同非零值,其與在所有其他遮罩中之值不同。The cryptographic protection method of claim 1, wherein each of the dummy masks has a set of identical non-zero values that are different from values in all other masks. 如申請專利範圍第1項之加密保護方法,其中,各該假性遮罩具有在該組中不同之非零值。The cryptographic protection method of claim 1, wherein each of the pseudo masks has a different non-zero value in the group.
TW095142013A 2005-11-21 2006-11-14 Encryption protection method TWI418197B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0511768A FR2893796B1 (en) 2005-11-21 2005-11-21 ENCRYPTION PROTECTION METHOD
US11/358,979 US7848515B2 (en) 2005-11-21 2006-02-22 Encryption protection method

Publications (2)

Publication Number Publication Date
TW200742383A TW200742383A (en) 2007-11-01
TWI418197B true TWI418197B (en) 2013-12-01

Family

ID=36602442

Family Applications (1)

Application Number Title Priority Date Filing Date
TW095142013A TWI418197B (en) 2005-11-21 2006-11-14 Encryption protection method

Country Status (8)

Country Link
US (1) US7848515B2 (en)
EP (1) EP1955465B1 (en)
JP (1) JP4990908B2 (en)
KR (1) KR101345083B1 (en)
CN (1) CN101371480B (en)
FR (1) FR2893796B1 (en)
TW (1) TWI418197B (en)
WO (1) WO2007102898A2 (en)

Families Citing this family (85)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2893796B1 (en) 2005-11-21 2008-01-04 Atmel Corp ENCRYPTION PROTECTION METHOD
US8781111B2 (en) * 2007-07-05 2014-07-15 Broadcom Corporation System and methods for side-channel attack prevention
CA2688592C (en) * 2007-10-01 2014-04-15 Research In Motion Limited Substitution table masking for cryptographic processes
FR2924262B1 (en) * 2007-11-26 2009-12-11 Sagem Securite METHOD OF MASKING A PASSAGE AT THE END OF LIFE OF AN ELECTRONIC DEVICE AND DEVICE COMPRISING A CORRESPONDING CONTROL MODULE
WO2009074726A1 (en) * 2007-12-13 2009-06-18 Oberthur Technologies Method for cryptographic data processing, particularly using an s box, and related device and software
US20100027781A1 (en) * 2007-12-20 2010-02-04 Galbi Duane E Method and apparatus for enhancing performance of data encryption standard (des) encryption/decryption
WO2009126077A1 (en) * 2008-04-10 2009-10-15 Sca Hygiene Products Ab Paper towel dispenser
DE102008023912A1 (en) * 2008-05-16 2009-11-19 Siemens Aktiengesellschaft Method and storage device for providing a cryptographic key
FR2935503A1 (en) * 2008-08-28 2010-03-05 St Microelectronics Rousset PROTECTION OF AN ENCRYPTION ALGORITHM
US9653004B2 (en) * 2008-10-16 2017-05-16 Cypress Semiconductor Corporation Systems and methods for downloading code and data into a secure non-volatile memory
US8094816B2 (en) * 2008-10-21 2012-01-10 Apple Inc. System and method for stream/block cipher with internal random states
EP2180631A1 (en) * 2008-10-24 2010-04-28 Gemalto SA Cryptographic algorithm fault protections
FR2941343B1 (en) * 2009-01-20 2011-04-08 Groupe Des Ecoles De Telecommunications Get Ecole Nat Superieure Des Telecommunications Enst CIRCUIT OF CRYPTOGRAPHY, PROTECTS IN PARTICULAR AGAINST ATTACKS BY OBSERVATION OF LEAKS OF INFORMATION BY THEIR ENCRYPTION.
US8832464B2 (en) * 2009-03-31 2014-09-09 Oracle America, Inc. Processor and method for implementing instruction support for hash algorithms
US8654970B2 (en) * 2009-03-31 2014-02-18 Oracle America, Inc. Apparatus and method for implementing instruction support for the data encryption standard (DES) algorithm
US20100250965A1 (en) * 2009-03-31 2010-09-30 Olson Christopher H Apparatus and method for implementing instruction support for the advanced encryption standard (aes) algorithm
US20100246815A1 (en) * 2009-03-31 2010-09-30 Olson Christopher H Apparatus and method for implementing instruction support for the kasumi cipher algorithm
US9317286B2 (en) * 2009-03-31 2016-04-19 Oracle America, Inc. Apparatus and method for implementing instruction support for the camellia cipher algorithm
US20100284537A1 (en) * 2009-05-07 2010-11-11 Horizon Semiconductors Ltd. Method for efficiently decoding a number of data channels
FR2952735B1 (en) * 2009-11-18 2011-12-09 St Microelectronics Rousset METHOD AND DEVICE FOR DETECTING FAULT INJECTION ATTACKS
KR101334040B1 (en) * 2010-01-20 2013-11-28 한국전자통신연구원 Method and apparatus for providing masking operations in encryption system
US8619985B2 (en) * 2010-04-27 2013-12-31 Research In Motion Limited Table splitting for cryptographic processes
DE102010028375A1 (en) * 2010-04-29 2011-11-03 Robert Bosch Gmbh Method for protecting functional cryptographic operations against side channel attacks for cryptography system in car, involves performing non-functional cryptographic operations supplementary to functional cryptographic operations
GB2480296A (en) 2010-05-12 2011-11-16 Nds Ltd Processor with differential power analysis attack protection
US8625802B2 (en) * 2010-06-16 2014-01-07 Porticor Ltd. Methods, devices, and media for secure key management in a non-secured, distributed, virtualized environment with applications to cloud-computing security and management
CN101951314B (en) * 2010-10-12 2012-06-20 北京航空航天大学 Design method of S-box in symmetric password encryption
US8504845B2 (en) * 2011-03-30 2013-08-06 Apple Inc. Protecting states of a cryptographic process using group automorphisms
KR101601684B1 (en) * 2011-05-18 2016-03-09 한국전자통신연구원 Method for implementing symmetric key encryption algorithm against power analysis attacks
US8971526B2 (en) * 2011-07-26 2015-03-03 Crocus-Technology Sa Method of counter-measuring against side-channel attacks
MY178555A (en) * 2011-08-19 2020-10-16 Mimos Berhad Method and system for providing a secured internet protocol based communication
US8958550B2 (en) * 2011-09-13 2015-02-17 Combined Conditional Access Development & Support. LLC (CCAD) Encryption operation with real data rounds, dummy data rounds, and delay periods
FR2984553B1 (en) 2011-12-15 2015-11-06 Proton World Int Nv METHOD AND DEVICE FOR DETECTING FAULTS
KR101401382B1 (en) * 2011-12-15 2014-06-02 한국전자통신연구원 Method and apparatus for providing side channel analysis in distributed system
JP5612007B2 (en) * 2012-03-15 2014-10-22 株式会社東芝 Encryption key generator
CN104583961B (en) * 2012-08-14 2017-12-01 英派尔科技开发有限公司 Side-channel attack based on software prevents
US20140192974A1 (en) * 2012-10-17 2014-07-10 Elliptic Technologies Inc. System and method for cryptographic processing in a time window
US9143325B2 (en) 2012-12-14 2015-09-22 Microsoft Technology Licensing, Llc Masking with shared random bits
CN103888245A (en) * 2012-12-20 2014-06-25 北京握奇数据系统有限公司 S box randomized method and system for smart card
US10142099B2 (en) 2013-01-11 2018-11-27 Qualcomm Incorporated Method and apparatus for a computable, large, variable and secure substitution box
US9754133B2 (en) * 2013-03-14 2017-09-05 Microchip Technology Incorporated Programmable device personalization
FR3015726B1 (en) * 2013-12-24 2016-01-08 Morpho SECURE COMPARATIVE PROCESSING METHOD
US20150222421A1 (en) * 2014-02-03 2015-08-06 Qualcomm Incorporated Countermeasures against side-channel attacks on cryptographic algorithms
US9405919B2 (en) * 2014-03-11 2016-08-02 Qualcomm Incorporated Dynamic encryption keys for use with XTS encryption systems employing reduced-round ciphers
KR102446866B1 (en) 2014-08-28 2022-09-23 삼성전자주식회사 Endecryptor preventing side channel attack, driving method thereof and control device having the same
SG10201405852QA (en) 2014-09-18 2016-04-28 Huawei Internat Pte Ltd Encryption function and decryption function generating method, encryption and decryption method and related apparatuses
US11563566B2 (en) * 2014-10-27 2023-01-24 Micro Focus Llc Key splitting
DE102014016548A1 (en) * 2014-11-10 2016-05-12 Giesecke & Devrient Gmbh Method for testing and hardening software applications
US9923719B2 (en) 2014-12-09 2018-03-20 Cryptography Research, Inc. Location aware cryptography
US9774443B2 (en) 2015-03-04 2017-09-26 Apple Inc. Computing key-schedules of the AES for use in white boxes
CN104734842B (en) * 2015-03-13 2018-06-08 上海交通大学 Method is resisted in circuits bypass attack based on pseudo-operation
CN104734845B (en) * 2015-03-25 2018-11-23 上海交通大学 Bypass attack means of defence based on full Encryption Algorithm pseudo-operation
CN106161007B (en) * 2015-04-17 2019-10-01 上海华虹集成电路有限责任公司 The key stowage of template attack is resisted in safety chip
KR101687492B1 (en) * 2015-08-06 2016-12-16 주식회사 엘지씨엔에스 Storing method of data dispersively and credential processing unit
US10333699B1 (en) 2015-09-30 2019-06-25 Cryptography Research, Inc. Generating a pseudorandom number based on a portion of shares used in a cryptographic operation
US10015009B2 (en) * 2015-11-25 2018-07-03 Nxp B.V. Protecting white-box feistel network implementation against fault attack
EP3208788B1 (en) 2016-02-22 2020-06-03 Eshard Method of protecting a circuit against a side-channel analysis
FR3048096A1 (en) * 2016-02-22 2017-08-25 Eshard METHOD FOR PROTECTING A CIRCUIT AGAINST AUXILIARY CHANNEL ANALYSIS
EP3264397B1 (en) * 2016-06-28 2020-09-16 Eshard A protection method and device against a side-channel analysis
EP3264311B1 (en) 2016-06-28 2021-01-13 Eshard A protection method and device against a side-channel analysis
CN107547189A (en) 2016-06-28 2018-01-05 埃沙尔公司 Guard method and equipment from side Multiple Channel Analysis
US10243937B2 (en) * 2016-07-08 2019-03-26 Nxp B.V. Equality check implemented with secret sharing
US10771235B2 (en) * 2016-09-01 2020-09-08 Cryptography Research Inc. Protecting block cipher computation operations from external monitoring attacks
FR3056322B1 (en) * 2016-09-21 2018-09-21 Safran Identity & Security METHOD OF ENCRYPTION OR DE-RECTIFICATION PROTECTED AGAINST HALF-CHANNEL ATTACKS
US10742405B2 (en) * 2016-12-16 2020-08-11 The Boeing Company Method and system for generation of cipher round keys by bit-mixers
EP3407528A1 (en) * 2017-05-24 2018-11-28 Koninklijke Philips N.V. Cryptographic device and method
JP2019003163A (en) * 2017-06-20 2019-01-10 富士通株式会社 Information processing device, information processing method, and program
EP3422176A1 (en) * 2017-06-28 2019-01-02 Gemalto Sa Method for securing a cryptographic process with sbox against high-order side-channel attacks
DE102017009315B4 (en) * 2017-10-06 2019-11-21 Sergej Gertje Protection of automation programs against reverse development
US20190116022A1 (en) * 2017-10-16 2019-04-18 Samsung Electronics Co., Ltd. Encryption device and operation method thereof
TW201919361A (en) * 2017-11-09 2019-05-16 張英輝 Method for block cipher enhanced by nonce text protection and decryption thereof
FR3074323B1 (en) 2017-11-30 2019-12-06 Idemia France METHOD AND DEVICE FOR CRYPTOGRAPHIC DATA PROCESSING
CN108111297A (en) * 2017-12-20 2018-06-01 上海新储集成电路有限公司 A kind of cipher key system
US11218291B2 (en) * 2018-02-26 2022-01-04 Stmicroelectronics (Rousset) Sas Method and circuit for performing a substitution operation
FR3078464A1 (en) * 2018-02-26 2019-08-30 Stmicroelectronics (Rousset) Sas METHOD AND CIRCUIT FOR IMPLEMENTING A SUBSTITUTION TABLE
FR3078463A1 (en) * 2018-02-26 2019-08-30 Stmicroelectronics (Rousset) Sas METHOD AND DEVICE FOR REALIZING SUBSTITUTED TABLE OPERATIONS
CN108848073B (en) * 2018-05-31 2021-04-13 唐山智能电子有限公司 Method and system for encrypting and decrypting data of real-time data acquisition system
CN108737073B (en) * 2018-06-22 2021-09-28 北京智芯微电子科技有限公司 Method and device for resisting energy analysis attack in block encryption operation
US10824718B2 (en) * 2018-07-05 2020-11-03 Nxp B.V. Shuffling mechanism for shuffling an order of data blocks in a data processing system
KR102038598B1 (en) * 2018-11-08 2019-10-30 국민대학교산학협력단 Encryption apparatus and method for preventing coupling effect
CN110427969B (en) * 2019-07-01 2020-11-27 创新先进技术有限公司 Data processing method and device and electronic equipment
US11507699B2 (en) * 2019-09-27 2022-11-22 Intel Corporation Processor with private pipeline
JP7314108B2 (en) * 2020-08-27 2023-07-25 株式会社東芝 Cryptographic processing device, cryptographic processing method and program
CN113742759B (en) * 2021-11-04 2022-02-22 国网浙江省电力有限公司 Data encryption method and device for financial accounting system
CN115118453A (en) * 2022-05-19 2022-09-27 成都安美勤信息技术股份有限公司 Mailing sensitive information privacy protection method based on commercial cipher algorithm
CN117614608B (en) * 2024-01-22 2024-04-16 南京航空航天大学 NTT (network time Table) defense method for resisting energy analysis attack

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2831739A1 (en) * 2001-10-31 2003-05-02 Gemplus Card Int METHOD FOR THE SECURE IMPLEMENTATION OF A FUNCTIONAL MODULE IN AN ELECTRONIC COMPONENT AND CORRESPONDING COMPONENT
US20050169463A1 (en) * 2004-01-29 2005-08-04 Ahn Kyoung-Moon Hardware cryptographic engine and hardware cryptographic method using an efficient S-BOX implementation

Family Cites Families (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6028939A (en) 1997-01-03 2000-02-22 Redcreek Communications, Inc. Data security system and method
EP1090480B1 (en) * 1998-06-03 2019-01-09 Cryptography Research, Inc. Improved des and other cryptographic processes with leak minimization for smartcards and other cryptosystems
JP3600454B2 (en) * 1998-08-20 2004-12-15 株式会社東芝 Encryption / decryption device, encryption / decryption method, and program storage medium therefor
CA2252078C (en) 1998-10-28 2009-02-17 Certicom Corp. Power signature attack resistant cryptographic system
GB2345229B (en) * 1998-12-23 2003-12-03 Motorola Ltd Method for encrypting data
FI107487B (en) * 1999-03-08 2001-08-15 Nokia Mobile Phones Ltd Procedure for encrypting data transmission in a radio system
US6724894B1 (en) 1999-11-05 2004-04-20 Pitney Bowes Inc. Cryptographic device having reduced vulnerability to side-channel attack and method of operating same
CA2327911A1 (en) 2000-12-08 2002-06-08 Cloakware Corporation Obscuring functions in computer software
FR2825542B1 (en) * 2001-05-31 2003-08-29 Sagem METHOD BASED ON A ROUND REPETITION BLOCK ENCRYPTION ALGORITHM AND DEVICE USING THE SAME
JP4596686B2 (en) * 2001-06-13 2010-12-08 富士通株式会社 Secure encryption against DPA
JP2003018143A (en) * 2001-06-28 2003-01-17 Mitsubishi Electric Corp Information processor
US7142670B2 (en) 2001-08-14 2006-11-28 International Business Machines Corporation Space-efficient, side-channel attack resistant table lookups
US7043017B2 (en) * 2001-09-13 2006-05-09 Freescale Semiconductor, Inc. Key stream cipher device
US6754190B2 (en) 2001-10-17 2004-06-22 Motorola, Inc. Channel selection method used in a communication system
US7194633B2 (en) 2001-11-14 2007-03-20 International Business Machines Corporation Device and method with reduced information leakage
FR2832739B1 (en) 2001-11-27 2004-02-13 Eads Launch Vehicles METHOD FOR PRODUCING A MULTIDIRECTIONAL TEXTILE PREFORM, DEVICE FOR IMPLEMENTING SAME AND PREFORM THUS OBTAINED
US7295671B2 (en) * 2002-05-23 2007-11-13 Atmel Corporation Advanced encryption standard (AES) hardware cryptographic engine
JP2004004341A (en) * 2002-05-31 2004-01-08 Toshiba Corp Apparatus and method for modulo exponentiation calculation, and program
US7685436B2 (en) 2003-10-02 2010-03-23 Itt Manufacturing Enterprises, Inc. System and method for a secure I/O interface
EP1587237B1 (en) * 2004-04-16 2006-12-13 Research In Motion Limited Security countermeasures for power analysis attacks
KR100610367B1 (en) * 2004-06-19 2006-08-10 삼성전자주식회사 The multiplication method and apparatus for preventing in Galois field, the apparatus for inversion in Galois field and the apparatus for AES byte substitution operation
FR2873523B1 (en) * 2004-07-22 2007-08-10 Sagem METHOD AND DEVICE FOR PERFORMING A CRYPTOGRAPHIC CALCULATION
US20070076228A1 (en) 2005-10-04 2007-04-05 Jacob Apelbaum System and method for providing data services via a network
FR2893796B1 (en) 2005-11-21 2008-01-04 Atmel Corp ENCRYPTION PROTECTION METHOD

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2831739A1 (en) * 2001-10-31 2003-05-02 Gemplus Card Int METHOD FOR THE SECURE IMPLEMENTATION OF A FUNCTIONAL MODULE IN AN ELECTRONIC COMPONENT AND CORRESPONDING COMPONENT
US20050169463A1 (en) * 2004-01-29 2005-08-04 Ahn Kyoung-Moon Hardware cryptographic engine and hardware cryptographic method using an efficient S-BOX implementation

Also Published As

Publication number Publication date
KR20080073345A (en) 2008-08-08
WO2007102898A2 (en) 2007-09-13
WO2007102898A3 (en) 2008-04-17
TW200742383A (en) 2007-11-01
CN101371480B (en) 2013-08-21
EP1955465A2 (en) 2008-08-13
FR2893796B1 (en) 2008-01-04
CN101371480A (en) 2009-02-18
US20080019503A1 (en) 2008-01-24
JP4990908B2 (en) 2012-08-01
KR101345083B1 (en) 2013-12-26
EP1955465B1 (en) 2019-09-11
US7848515B2 (en) 2010-12-07
EP1955465A4 (en) 2016-11-30
FR2893796A1 (en) 2007-05-25
JP2009516964A (en) 2009-04-23

Similar Documents

Publication Publication Date Title
TWI418197B (en) Encryption protection method
US8094816B2 (en) System and method for stream/block cipher with internal random states
US7778419B2 (en) Key masking for cryptographic processes
EP2195761B1 (en) Substitution table masking for cryptographic processes
US7848514B2 (en) Table masking for resistance to power analysis attacks
CA2578316C (en) Table splitting for cryptographic processes
EP1421461B1 (en) Space-efficient, Side-channel Attack Resistant Table Lookups
CN107005404B (en) Processor apparatus implementing executable white-box mask implementations of cryptographic algorithms
US7720225B2 (en) Table splitting for cryptographic processes
US8644500B2 (en) Apparatus and method for block cipher process for insecure environments
CA2593076C (en) Display of decrypted data by a graphics processing unit
US8619985B2 (en) Table splitting for cryptographic processes
US20050232416A1 (en) Method and device for determining a result
EP3078154B1 (en) A computing device for iterative application of table networks
EP1601132A1 (en) Table Masking for Resistance to Power Analysis Attacks
EP2363974A1 (en) Variable table masking for cryptographic processes
KR101203474B1 (en) Process of security of a unit electronic unit with cryptoprocessor
TW201312982A (en) A method of counter-measuring against side-channel attacks